From: George Thessalonikefs <george@nlnetlabs.nl>
Date: Wed, 2 Feb 2022 09:47:08 +0000 (+0100)
Subject: Changelog entry for #532
X-Git-Tag: release-1.15.0rc1~13^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=506d24c7a6e01819e8ef46c2460202fdb32b22b6;p=thirdparty%2Funbound.git

Changelog entry for #532
- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
---

diff --git a/doc/Changelog b/doc/Changelog
index 56da7994b..8c992c4bf 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+2 February 2022: George
+	- Merge PR #532 from Shchelk: Fix: buffer overflow bug.
+
 1 February 2022: George
 	- Merge PR #603 from fobser: Use OpenSSL 1.1 API to access DSA and RSA
 	  internals.
diff --git a/sldns/str2wire.c b/sldns/str2wire.c
index 769ba1b79..d2cefae1c 100644
--- a/sldns/str2wire.c
+++ b/sldns/str2wire.c
@@ -604,6 +604,9 @@ sldns_affix_token(sldns_buffer* strbuf, char* token, size_t* token_len,
 	size_t addstrlen = 0;
 
 	/* add space */
+	/* when addlen < 2, the token buffer is full considering the NULL byte
+	 * from strlen and will lead to buffer overflow with the second
+	 * assignement below. */
 	if(addlen < 2) return 0;
 	token[*token_strlen] = ' ';
 	token[++(*token_strlen)] = 0;